Market Trends That Matter. Power What’s Next in GRC with MetricStream’s Brazos Software Release
GRC | 4 Min Read | 07 October 21 | by Suneel Sahi
Our world is being rapidly disrupted by risk. Several emerging factors, including the new organizational challenges introduced by the ongoing pandemic, have made risk management more challenging than ever. As organizations seek new and improved ways to grow more resilient and ‘thrive on risk,’ a comprehensive understanding of the changing risk landscape can inform the right resilience strategies.
Interconnected Risks are Increasing in Velocity and Volume
Headline-grabbing cyber, third-party, and supply chain risks—all of which form complex interconnected risk networks—are increasing in frequency. Cybersecurity threats exploiting remote work environments rank at the top of the list for chief risk officers (CROs) in the US. PwC’s 2021 US Pulse Survey saw 45% of CROs express concern about cybersecurity threats. And when it comes to supply chain disruptions, research from the McKinsey Global Institute forecasts that disruptions lasting a month or longer can now happen every 3.7 years on average. The interconnected nature of these risks leads to significant consequences, from operational and cost implications to tarnished reputations. In KPMG’s global survey, six out of 10 respondents attribute their organization’s most severe reputational risks to third parties. The consequence: organizations are quickly realizing that they need risk assessment to be in real time, helping them make faster decisions.
Peripheral Risk Awareness is Expanding
Increasing data volume and regulatory overload are causing peripheral risk awareness to extend beyond the traditional boundaries. Growing digitalization is enabling organizations to produce and digest granular data—expanding the role of risk and control functions. However, data generated by business lines and operational units exists in silos and thus cannot contribute to the overall view of the business. The sheer volume of regulatory change, which grows year-on-year to protect organizations, consumers and other stakeholders, is a huge challenge for compliance teams. Our recently released 2021 State of the Compliance Survey report found that 76% of compliance managers manually scan regulatory websites to track changes and assess their impact on the business.
The complexity involved in managing growing data and escalating regulatory change is driving the need for artificial intelligence (AI) and robotic process automation (RPA) solutions.
The Front Line is Best Positioned for Risk Management
A lot of risks start at the front line, but the good news is that they can end at the front line as well. This is because frontline workers hold the unique position of being valuable sources of risk-related information for the organization. However, success depends on, one, the efficient aggregation of the intelligence from those who are dealing with risk firsthand, and two, the effective management and extraction of value from this intelligence. The adoption of digital tools that make it easier to capture, report, and track business anomalies is the obvious answer to empower the front line. Organizations agree. Three out of four (75%) key managerial personnel in KPMG’s Covid-19 Risk Assessment survey named the adoption of digital tools as a crucial priority towards developing a robust risk-assessment approach.
Greater Agility is the Need of the Hour
As organizations become more digitalized, they gain the ability to do more. Take, for example, contracts—integral to any organization. With digitization, organizations are able to extract a lot more data by comparing and analyzing the information at hand. However, to use this data to make faster strategic decisions, organizations need to be empowered with agility. Risk and compliance intelligence from across business units and departments—including semantically similar issues reported in the past—needs to be captured, aggregated, and analyzed in near-real time. As per Chartis Research survey data, 57% categorize real-time event processing in the ‘high impact’ category among the varied impacts of advanced technologies on firms’ GRC architectures.
Disconnected Approaches Call for Integrated GRC and Risk Quantification
Gartner forecasts growth of 12.4% in global spending on information security and risk management technology and services, with estimated spends reaching $150.4 billion in 2021. However, several organizations continue to approach the management of risk, business continuity, compliance, and internal audit separately, resulting in multiple silos and disparate processes. Near real-time visibility into risk and compliance is only possible with the integration and harmonization of different perspectives on risk across various functions. For example, standardization of taxonomies in risk communication can help. Another way is to embrace risk quantification. Moving away from categorizing risks as red, yellow, green to quantifying the specifics of risk, such as the dollar cost or the impact of a risk, is the way ahead.
Power What’s Next with MetricStream’s Brazos Software Release
Helping organizations address and stay ahead of the market trends is MetricStream’s Brazos software release. As outlined in our earlier blog, the Brazos release packs in several features with the aim to simplify regulatory and compliance complexity, quantify the impact of cyber risks, and power next-gen vendor risk management with AI—enabling your organization to become future-ready.